04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f | Triage

Analysis

max time kernel
151s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
15-03-2022 04:05

Sharing

Report Analysis Logs

General

Target

04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll
Size

261KB
MD5

183bf2217d4d1bbc07bbfc3982c327b0
SHA1

e84dd9420f0652da51b9ebfe61ecbfe434e9e52f
SHA256

04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f
SHA512

8239784f114d750a2ca63e482983b132b8a789ae76785f4e20eec19000e12b44742dbb05f19d2025482994bfc6fba65796cfad3711ec85f1dee4271573a04e2c

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2200 3516 WerFault.exe rundll32.exe
3484 3516 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3516 wrote to memory of 2200	3516	rundll32.exe	WerFault.exe
PID 3516 wrote to memory of 2200	3516	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3516 -s 408
2⤵
- Program crash
PID:2200

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3516 -s 408
2⤵
- Program crash
PID:3484

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 3516 -ip 3516
1⤵
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...